From 64c09e17d03b24690d434b79a2919b849ff58b2a Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos <ioigoume@gmail.com>
Date: Tue, 14 Apr 2026 10:55:32 +0000
Subject: [PATCH] add security salt

---
 app/tests/bootstrap.php | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/app/tests/bootstrap.php b/app/tests/bootstrap.php
index 76adbb7cb..050abc3df 100644
--- a/app/tests/bootstrap.php
+++ b/app/tests/bootstrap.php
@@ -36,12 +36,9 @@
 require dirname(__DIR__) . '/config/bootstrap.php';
 
 // Ensure Security salt is set for tests (needed by CSRF middleware, hashes, etc).
-// In CI we inject it via env (COMANAGE_REGISTRY_SECURITY_SALT).
-if (!Security::getSalt()) {
-  $salt = getenv('COMANAGE_REGISTRY_SECURITY_SALT') ?: 'phpunit-security-salt';
-  Security::setSalt($salt);
-}
-
+// Security::getSalt() throws when not set, so don't call it to check.
+$salt = getenv('COMANAGE_REGISTRY_SECURITY_SALT') ?: 'phpunit-security-salt';
+Security::setSalt($salt);
 
 if (empty($_SERVER['HTTP_HOST']) && !Configure::read('App.fullBaseUrl')) {
   Configure::write('App.fullBaseUrl', 'http://localhost');